Every company maintains multiple Web applications, internal or external. In order to make these applications to work together, usually we need to enable Single Sign-On (SSO) for authentication. Typically, this can be very costly and requires advanced configurations. If you are building portal solution with WebCenter PS3, you may avoid complexity by leveraging External Application Connection feature. Read more about this feature from WebCenter Developer and Administration guides -
63.13 Working with External Applications and
25 Managing External Applications. As you can read from developer guide, automated SSO feature is supported for J2EE security container login method j_security_check for authentication. We did several tests with third-party Struts application, where custom made security check was implemented. It also works well, I will share our test results with you in this post.
Download sample Struts application, we are using it as a third-party secured application with its own Login page -
struts-blank.zip. There is WebCenter PS3 application, it defines External Application Connection and integrates external Struts application into portal -
ExternalAppAccess.zip. You can deploy Struts application on WebLogic server, just extract downloaded archive and point installation wizard to extracted Web folder. All required Struts libraries are already included into sample archive:
To trigger external application automatic authentication, WebCenter menu link must point to ADF external application login servlet. As per documentation, menu link must be defined as following: /adfextapplogin?extappid=applicationName. In my case, applicationName=myExtApp:
This menu item is set to be visible only to authenticated users:
We can deploy and login into our portal application - menu link will be present. However, when user will try to click on it, message saying that external application is not found will be shown to the user:
Its possible to specify External Application Connection during design time, with JDeveloper wizard or directly on runtime. Let's do this on runtime, through WebCenter application administration console. User must be granted at least ConnectionManager role, but in this example let's grant Administrators role. We can do this on runtime as well, no need to redeploy WebCenter application. Just open Enterprise Manager and select WebCenter application - ExternalAppAccess in our case:
Go to the security section and add user redsam to Administrators role:
Now go to WebCenter administration screen, Services -> External Applications section - add new connection:
Application Name must be same as we have defined on WebCenter menu. For User ID and User Password check HTML source code of Login page, in my example it will be
user_id and
pswd respectively. For Login URL, check
form tag and use
action property with Login URL string:
In my example, Login URL will have this format:
http://server-ip:server-port/Web/LoginSubmit.do. Where
Web is Struts application name and
LoginSubmit.do is action property value. Authentication method will be
POST, as you can see from Login page HTML source. Complete connection information:
If needed, we can provide additional variable values for hidden fields, however our example is not using such fields.
Registered External Application Connection:
Let's login now as normal user, not administrator - redsam1:
Click on external application link - if you will try to access external application for the first time for current user, WebCenter will render automatically External Application Login Information ADF task flow to collect login credentials:
Sample Struts application accepts
oracle/oracle for username and password, let's type it and press Login. Make sure you allow WebCenter to remember Login credentials - once authenticated, provided credentials wil remain mapped with current WebCenter authenticated user:
Authentication is completed successfully, external Struts application welcome page is loaded inside our portal:
Now we can logout and login again with the same user, to test if external application login credentials were stored in WebCenter security store:
Click on external application link - authentication for external Struts application is completed automatically this time, the same as it would be done with SSO solution:
WebCenter solution for portal allows to access external third-party application and standard ADF application task flows from the same portal - example of ADF task flow accessed in the same portal:
Now let's logout and login with another user, this time - redsam2. This user was never authenticated with external application, WebCenter asks to provide login credentials:
We can uncheck "Remember My Login Information" check-box and process with Login, in this case username and password will not be stored inside WebCenter security store. But authentication will be completed successfully:
If we logout and login again with the same user redsam2, since login credentials for external application were not stored inside WebCenter security store, user will be requested to provide them again:
You may ask, what we should do, if external application username or password data will be changed. Thats not a problem at all, there is out-of-the-box WebCenter PS3 ADF task flow - External Applications Change Password, we can use it:
Drag and drop it into any fragment or page, reference that fragment or page from WebCenter menu model:
On runtime, login as user redsam1, you will see there is second level menu item will be available - Change Password (as we have specified in WebCenter menu model). Click on it and you will get standard Change Password ADF task flow from WebCenter:
Let's change User Name with wrong value, for test purposes:
Try to access external Struts application, automatic login will fail - we have set not existing user name:
Change user name back to one existing inside Struts application:
User will be successfully automatically authenticated through WebCenter External Application Connection:
